CVE-2024-10326 – Elementor RomethemeKit WordPress Unauthenticated Data Modification Vulnerability

March 8, 2025
2:17 pm

CVE ID : CVE-2024-10326

Published : March 8, 2025, 1:15 p.m. | 59 minutes ago

Description : The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_options and reset_widgets functions in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify plugin settings or reset plugin widgets to their default state (all enabled). NOTE: This vulnerability was partially fixed in version 1.5.3.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-10326 – Elementor RomethemeKit WordPress Unauthenticated Data Modification Vulnerability

Elvescore.io

Recent Posts

CVE-2025-2124 – Control iD RH iD API Handler Cross-Site Scripting Vulnerability

CVE-2025-2125 – Control iD RH iD PDF Document Handler Improper Resource Control Vulnerability

CVE-2025-2126 – JoomlaUX JUX Real Estate SQL Injection

CVE-2025-2122 – Thinkware Car Dashcam F800 Pro Local Network Denial of Service Vulnerability

CVE-2025-2123 – GeSHi CSS Handler Cross-Site Scripting Vulnerability

CVE-2025-27636 – Apache Camel Header Injection Bypass

CVE-2024-10326 – Elementor RomethemeKit WordPress Unauthenticated Data Modification Vulnerability

CVE-2024-10326 – Elementor RomethemeKit WordPress Unauthenticated Data Modification Vulnerability